June 22, 2009, 8:44 PM — The biggest obstacle to putting a good disaster recovery plan in place is inadequate funding. My current survey (see the bottom of this entry) asks how the recession has affected your disaster recovery plans, but it may not just be the recession that's causing the problem.
Even before the economy tanked, there has always been a disconnect between executive decision-makers and the IT department in areas that don't immediately deliver ROI or contribute to an ongoing process. "Just in case" technology like disaster recovery just sits in the background. You need it, you know that you need it, but it's sort of like a spare tire in the trunk of your car. You hope you never have to use it, and you probably forget to check the air pressure every few months just to make sure it's still good, and when you eventually take it out it's gone flat. And here's a speculation that we all know is true: IT guys are the ones that are more likely to check the air pressure--the C-level guys are the ones with the flat spare.
How do you talk the people upstairs into putting money into disaster recovery? Here's some ideas.
Hold a disaster preparedness exercise. They will love it, because it sounds productive and cheap. But this is where you get 'em. As part of the exercise, you make an assumption of a major disaster. They're expecting a high school fire drill, but you're going to give 'em the bottom line. You'll test out all your procedures, make a nice little manual--but crunch some numbers for your final report. Show them exactly how much money the company would have lost as a result of the major disaster, even though everything seemed to go smoothly. Then show them what you need to avoid that loss.
Whether the boss is a pointy-haired nitwit or a business wizard, there are three things they're afraid of: Lost revenues, unsatisfied customers, and angry government regulators. The theoretical disaster you create will naturally result in all three. Every minute your system is down, your company is losing money--and you can calculate those short-term losses. Unsatisfied customers will go elsewhere, and that results in long-term losses. And data loss may result in security or even privacy breaches, depending on the scenario, which may cause you to fall out of compliance with whatever regulation you must follow--and this results in fines. All it takes is a good presentation to sway the mind of the people who write the checks.